
Check out my autorice script for Artix

https://github.com/MichaelSebero/CoolRune

I've worked on this project for a while and I'd like to share it with everyone here.

Features
--------------
A visually appealing XFCE desktop environment.

Gaming optimizations.

Inbuilt tracker, ad blocking, security and privacy features.

The tkg-pds kernel.

An easy to understand user manual.

The s6 init system.

Productivity features and tools.

A custom version of LibreWolf that's more secure and lighter than Brave.

Stability tweaks.

A system hardness rating of 70.

AUR and Flatpak support.

Re: Check out my autorice script for Artix

Reply #1
You don't have to do a new install either, this script will install all of the packages and configurations on your existing install.

Re: Check out my autorice script for Artix

Reply #2
Please don't be upset with what I'll say but if anyone asked my advice on whether to use this it would be no.

On a personal level I don't use scripts such as this anyway but I do know there's a place for them and some people like them.

However I'm suspicious when such scripts install binaries hosted on github. Them binaries could be doing anything.
I'm not accusing you of anything but with a total of two posts here I wouldn't trust you enough to use this and imho neither should anyone else.

If I don't trust a script from the internet I can review it. A binary I cannot. Why are you installing things manually into /bin and /usr/bin anyway when packages exist? The neofetch one I get. You've made changes to show 'Coolrune'.
But what are the konsole and dnscrypt-proxy binaries included for? If you've made changes what are they? If you haven't why insert them into the system? There are packages for both in the Artix repos.

Then there's another binary at /-CoolRune-/Programs/Login-Sound/StartSound
What does that do ? And others may differ in opinion but creating a new directory under root is bad form and needlessly breaks the FHS

Ask yourself this: In light of the fact that you've taken steps to harden the system resulting from the application of this script I guess you've taken the same hardening steps yourself on your system? Would you run a script such as this yourself if you hadn't created it?
Installing binaries from some random dude off the internet and sidestepping all your hardening ?

Please take this criticism as constructive. My gut tells me you are genuine. But there's no chance I'd trust my gut enough to run this and neither should anyone else who cares about security.
My advice is to do more work on it and drop any binaries. I'd prefer to see the executable scripts gone as well but at least these can be checked.


Re: Check out my autorice script for Artix

Reply #3
I appreciate your review and I'll answer your questions. The files in CoolRune-Files are configurations for apparmor, fail2ban, ufw, hosts, dnscrypt, CoolRune's custom neofetch ASCII style, grub configurations which enable daemon services such as apparmor or graphics settings and the -CoolRune- directory is where I'll be adding software I make that I want to include with CoolRune. I originally started this project as a pre-configured clonezilla image but eventually the file corrupted so I decided to make an install script which provided the same changes as the clonezilla image did. As for "if I would install this" It would depend on a couple factors, those being "is the code open source/FOSS" and is the developer trustworthy. I was inspired by Luke Smith to make a pre-configured setup which I could share with friends but his LARBS script wouldn't work for what I was trying to achieve.

The goal I wanted to achieve with this script was to make a 99% automatic install script which installed a hardened/performance enhanced system  and I achieved this. Two of my friends use my configuration and if my setup stops working for whatever reason I'll have a clean backup of my setup which I can run automatically.  All of the code from this project is all out in the open and if people want to make their own version of my install script they're free to.

These are the 2 scripts found in the -CoolRune- directory that I mentioned earlier.
https://github.com/MichaelSebero/Login-Sound-for-Linux
https://github.com/MichaelSebero/Productivity-Mode

If you want to install Artix with Arch / Chaotic AUR repos without the hardening, performance and productivity enhancements  just copy and paste these sets of commands which are found at the top of the install script.

==================================================================================================================================
pacman-key --init && pacman -Sy --noconfirm --needed p7zip && mkdir /home/CoolRune-Files && cd /home/CoolRune-Files && curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Pacman-1.7z && curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Pacman-2.7z && 7z e CoolRune-Pacman-1.7z -o/etc -y && pacman-key --refresh && pacman -Sy --noconfirm --needed artix-keyring archlinux-keyring artix-archlinux-support && pacman-key --recv-key FBA220DFC880C036 --keyserver keyserver.ubuntu.com && pacman-key --lsign-key FBA220DFC880C036 && pacman -U --noconfirm 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst' 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst' && 7z e CoolRune-Pacman-2.7z -o/etc -y && pacman-key --populate archlinux artix && curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Dotfiles.7z && pacman -Syyu --noconfirm --needed
==================================================================================================================================

I list out all the features of CoolRune and tutorials in the manual which comes with the system.
https://raw.githubusercontent.com/MichaelSebero/CoolRune/main/CoolRune%20Manual

Re: Check out my autorice script for Artix

Reply #4
Quote
As for "if I would install this" It would depend on a couple factors, those being "is the code open source/FOSS" and is the developer trustworthy.
Then I suspect the answer would be "No you wouldn't install it". Because there's no way of judging whether you are trustworthy if you are me or indeed anyone else other than friends and acquaintances you have a prior relationship with.
Your github is almost brand new. Your github links to a website which does not have its own domain and is in the main just links back to precompiled binaries for Coolrune plus some crypto addresses for donations. Your account here is brand new though maybe you are already a member with another username?
There's a lot of red flags. What evidence is there to show anyone who doesn't know you the answer to "is the developer trustworthy" ?

You haven't addressed
Quote
what are the konsole and dnscrypt-proxy binaries included for? If you've made changes what are they? If you haven't why insert them into the system? There are packages for both in the Artix repos.
And you may have source for Login-Sound-for-Linux on your github but what is installed from there is a pre compiled binary StartSound. Which I guess is a self contained python executable generated from startup_sound.py?
But equally could be a rootkit which also plays a sound? Why can't you just leave it as a python script (it's only 4 lines) and make sure the script's dependencies are installed?

It's a dichotomy to me the concept of installing a 'hardened' system whilst at the same time installing binaries of unknown provenance.
This doubt can be largely avoided by not installing your own pre-compiled binaries. Stick to packages from the repos or have the script build them from source so the provenance can be checked.
If you do need to patch konsole or patch dnscrypt-proxy then have the script download the build files and patch the PKGBUILD to patch the source and compile it locally. Then it can be reviewed by potential users. But bear in mind if you have patched them your changes would be lost the next time the package updates pre-compiled binary or not. If you haven't patched them their presence does concern me.

Also increasing the readability of the main script would be nice
Your line 6
Code:
pacman-key --init && pacman -Sy --noconfirm --needed p7zip && mkdir /home/CoolRune-Files && cd /home/CoolRune-Files && curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Pacman-1.7z && curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Pacman-2.7z && curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune.7z && curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Files.7z && 7z e CoolRune-Pacman-1.7z -o/etc -y && pacman-key --refresh && pacman -Sy --noconfirm --needed artix-keyring archlinux-keyring artix-archlinux-support && pacman-key --recv-key FBA220DFC880C036 --keyserver keyserver.ubuntu.com && pacman-key --lsign-key FBA220DFC880C036 && pacman -U --noconfirm 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst' 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst' && 7z e CoolRune-Pacman-2.7z -o/etc -y && pacman-key --populate archlinux artix && curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Dotfiles.7z && curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-NVIDIA-Patch.7z && pacman -Syyu --noconfirm --needed &&
Your line 18
Code:
pacman -R --noconfirm linux linux-headers epiphany xfce4-terminal xfce4-screenshooter parole xfce4-taskmanager mousepad leafpad xfburn ristretto xfce4-appfinder atril artix-branding-base artix-grub-theme mpv xfce4-sensors-plugin xfce4-notes-plugin && 7z x CoolRune-Files.7z -o/ -y && 7z x CoolRune.7z -o/ -y && 7z x CoolRune-NVIDIA-Patch.7z -o/ -y  && chattr +i /etc/hosts && s6-service add default apparmor && s6-service add default fail2ban && s6-service add default NetworkManager && s6-service add default dnscrypt-proxy && rm /etc/s6/adminsv/default/contents.d/connmand && chattr +i /etc/resolv.conf && s6-db-reload && grub-mkconfig -o /boot/grub/grub.cfg && grub-install && update-grub && read -rep $'!!! Extract CoolRune-Dotfiles.7z in /home/yourusername using pcmanfm. This file can be found in /home/CoolRune-Files. Press enter to restart your computer when the files are extacted. ' && reboot
Deobfuscated
Code:
mkdir /home/CoolRune-Files 
cd /home/CoolRune-Files
curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Pacman-1.7z
curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Pacman-2.7z
curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune.7z
curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Files.7z
7z e CoolRune-Pacman-1.7z -o/etc -y
pacman-key --refresh
pacman -Sy --noconfirm --needed artix-keyring archlinux-keyring artix-archlinux-support
pacman-key --recv-key FBA220DFC880C036 --keyserver keyserver.ubuntu.com
pacman-key --lsign-key FBA220DFC880C036
pacman -U --noconfirm 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst' 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst'
7z e CoolRune-Pacman-2.7z -o/etc -y
pacman-key --populate archlinux artix
curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-Dotfiles.7z
curl -RO https://raw.githubusercontent.com/MichaelSebero/CoolRune-Files/master/CoolRune-NVIDIA-Patch.7z
pacman -Syyu --noconfirm --needed
and
Code:
pacman -R --noconfirm linux linux-headers epiphany xfce4-terminal xfce4-screenshooter parole xfce4-taskmanager mousepad leafpad xfburn ristretto xfce4-appfinder atril artix-branding-base artix-grub-theme mpv xfce4-sensors-plugin xfce4-notes-plugin 
7z x CoolRune-Files.7z -o/ -y
7z x CoolRune.7z -o/ -y
7z x CoolRune-NVIDIA-Patch.7z -o/ -y 
chattr +i /etc/hosts
s6-service add default apparmor
s6-service add default fail2ban
s6-service add default NetworkManager
s6-service add default dnscrypt-proxy
rm /etc/s6/adminsv/default/contents.d/connmand
chattr +i /etc/resolv.conf
s6-db-reload
grub-mkconfig -o /boot/grub/grub.cfg
grub-install
update-grub
read -rep $'!!! Extract CoolRune-Dotfiles.7z in /home/yourusername using pcmanfm. This file can be found in /home/CoolRune-Files. Press enter to restart your computer when the files are extacted. '
reboot

I pray I'm not the only one who needs to see what these sort of scripts are doing?

Re: Check out my autorice script for Artix

Reply #5
I'm going to be honest there's no red flags about this at all. All of the source code is public and I just wanted to share this because I thought people here would find it useful. My GitHub is under a year old because I just got into software development last summer and I'm building up a portfolio for my resume. This reminds me of an incident that happened long ago where I made a modpack and I shared it on a modpack sharing Discord and the main admin said to me "no one should install your modpack because you haven't generated any hype!" because he said that no one there tried it out but eventually 300+ people installed it. StartSound is an exe version of the python StartSound that I created with pycharm so it could run as a startup application in XFCE, this same file can also be found on my GitHub.

I've tried the exact format you ordered my SH script in before and it didn't work so I decided to do it another way. When I say it "didn't work" I mean the commands would have a habit of skipping for some reason. The last part protects the configurations for dnscrypt from being messed up by connman and other networking applications.



Re: Check out my autorice script for Artix

Reply #6
Also there's no binaries? unless I included some other files on accident which shouldn't be included. The changes I made to dnscrypt was to make it work automatically without the user having to configure them manually. I copied the routes where the file changes were and stuck them into the CoolRune-Files.7z so I didn't have to do weird time consuming wizard edits. I've already spent 4 months working on this project and I'm only going to make small tweaks since it works now.

Re: Check out my autorice script for Artix

Reply #7
You still haven't explained why you are installing pre-compiled binaries for konsole and dnscrypt-proxy into /usr/bin ?

Quote
I'm going to be honest there's no red flags about this at all
Not for you because you know yourself and your intentions. How would I know ?

If you don't understand the issue here I give up trying to explain.

I've warned people and if they choose to ignore the warning that's cool.

Edit: Nothing to do with hype. It's about trust.

Re: Check out my autorice script for Artix

Reply #8
Then don't use any software then. I expect everything major to have some type of backdoor anyways and the most you can do is obfuscate your data or identity online. There's more bots than people, anything can be upvote botted or reviewed by an AI, you could be an AI, I could be an AI whatever we're in the Hell timeline right. All I can say is that I've made everything public and if you don't want to use my software that's fine I'm just not going to be doing anymore funhouses about this today.

If anyone has any questions or if they've found any bugs leave a reply on my GitHub or message me on Element at @coolrune:matrix.org. Happy New Year everyone  :)

Re: Check out my autorice script for Artix

Reply #9
You replied while I was writing that.
/bin/dnscrypt-proxy binary
/usr/bin/konsole binary

Both from CoolRune-Files
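
Added example, not part of the original thread and not CoolRune code: one way to do the check the replies above ask for is to extract an archive such as CoolRune-Files.7z into a staging directory instead of `/` and list which of its files are compiled ELF binaries before anything is installed. The function names and the staging path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not CoolRune code). Assumes the archive was first extracted
# into a staging directory, e.g.  7z x CoolRune-Files.7z -o/tmp/stage

# magic FILE: print the first four bytes of FILE as lowercase hex
magic() {
    head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# audit_stage DIR: for every regular file under DIR print
#   "<KIND> <path it would be installed to>[ owned-by:<package>]"
# KIND is ELF, SCRIPT or DATA. The body runs in a subshell so its variables
# do not leak; file names containing newlines are not handled.
audit_stage() (
    stage=${1%/}
    find "$stage" -type f | sort | while IFS= read -r f; do
        target=${f#"$stage"}
        case $(magic "$f") in
            7f454c46) kind=ELF ;;     # 0x7f 'E' 'L' 'F': compiled code
            2321*)    kind=SCRIPT ;;  # "#!": text that can be read and reviewed
            *)        kind=DATA ;;
        esac
        owner=""
        # On an Arch/Artix host, name the installed package that already owns
        # the path this file would overwrite.
        if command -v pacman >/dev/null 2>&1; then
            if pkg=$(pacman -Qoq "$target" 2>/dev/null); then
                owner=" owned-by:$pkg"
            fi
        fi
        printf '%s %s%s\n' "$kind" "$target" "$owner"
    done
)

# unreviewable DIR: only the ELF entries, i.e. files that cannot be read as source
unreviewable() {
    audit_stage "$1" | grep '^ELF ' || true
}

# Stand-alone use: sh audit.sh /tmp/stage
if [ $# -gt 0 ]; then
    audit_stage "$1"
fi
```

An `ELF` line carrying an `owned-by:` suffix is a compiled file that would replace one already installed and tracked by the package manager.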


Re: Check out my autorice script for Artix

Reply #10
Quote
Then don't use any software then. I expect everything major to have some type of backdoor anyways
Now you are being ridiculous. Source code can be reviewed. Best to compile it yourself in a perfect world but failing that stick to binaries from a trusted source. I trust the Artix repo. I trust the Arch repo. I don't trust everybody on the internet. I'm sticking to that.
Happy new year xx